Vlan with variable subnet problem

Apr 9th, 2009

Hello All,


I have a strange problem and I hope someone here can help me. Here is a brief explanation of the problem:


I have a Cisco 3550 layer 3 switch, which is configured with multiple Vlans and inter Vlan routing is enabled. Most of the Vlans have class C IP subnet (i.e., 192.168.2.0/24) addressing schemes and are working just fine. The clients that are members of these Vlans can access the resources in other subnets and access the Internet. I have a Vlan (named ExternalWiFi) that has an IP subnet scheme of 192.168.12.0/22 and is acting a bit strange. The member workstations of this Vlan, which receive an IP address within the range of 192.168.12.1 through 192.168.12.254, can access other Vlan resources as well as accessing the Internet. But, the clients who get an IP address in the range of 192.168.13.1 through 192.168.15.254 can't access the Internet. This Vlan is configured with the address of the dhcp server just like the other Vlans. The dhcp server is running on a Windows 2000 SP4 server and here is the info about the addressing scheme of ExternalWiFi vlan:


Network:  192.168.12.0/22

Broadcast: 192.168.15.255

Gateway address: 192.168.12.1


Here is the result of the test that I did:


I put a host in ExternalWiFi Vlan and gave it a static IP address of 192.168.13.2/22 with gateway address of 192.168.12.1. I was able to ping hosts in same Vlan and other Vlans without any problem but I was not able to ping the host 192.168.2.3. This is the internal IP address of our firewall device and it is connected to port 3 of Cisco 3550 switch.


What do I need to do?


Thanks in advance,


Hossein Kholghi

Overall Rating: 5 (1 ratings)
Jerry Ye Thu, 04/09/2009 - 05:48
User Badges:
  • Cisco Employee,

Hi Hossein,


Can you post the output of show ip route from your 3550 switch?


Regards,

jerry

h-kholghi Thu, 04/09/2009 - 05:54

Here is the result of show ip route:


AFS-3550#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.2.3 to network 0.0.0.0

C    192.168.4.0/24 is directly connected, Vlan4
C    192.168.5.0/24 is directly connected, Vlan5
C    192.168.1.0/24 is directly connected, Vlan2
C    192.168.2.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.2.3
C    192.168.12.0/22 is directly connected, Vlan7
C    192.168.8.0/22 is directly connected, Vlan6
C    192.168.16.0/22 is directly connected, Vlan8

Jerry Ye Thu, 04/09/2009 - 05:58

Hi,


I don't see anything wrong on your switch. Can we check the routing table of the FW? Also, I am assuming you can ping your FW from other /24 VLANs, right?


Regards,

jerry

h-kholghi Thu, 04/09/2009 - 06:45

Hi Jerry,


I have no problem pinging the FW from other /24 Vlans and I am also able to ping the FW from a host with an ip address in range of 192.168.12.1 through 192.168.12.254. The problem starts when a client gets an ip address of 192.168.13.1 and above. I am very sure the same problem applies to our other /22 Vlans.


Our FW routes 192.168.12.0/22.


Regards,


Hossein

Jerry Ye Thu, 04/09/2009 - 06:57

Hi Hossein,


I see you have another /22 VLAN on 192.168.8.0/22. I am assuming you don't have any problem on this one. Can you confirm?


Regards,

jerry

h-kholghi Thu, 04/09/2009 - 07:05

Hi Jerry,


I am very sure that I have the same problem with 192.168.8.0/22 subnet. The configurations of 192.168.8.0/22 and 192.168.12.0/22 subnets are similar.


Regards,


Hossein

h-kholghi Thu, 04/09/2009 - 07:45

Hi Jerry,


I checked our FW again and there was the problem. The subnet 192.168.12.0 had subnet mask of 24 instead of 22. Once I changed it to /22 the clients were able to access the Internet.


We recently replaced our FW device and I am finding my way with the new device.


Thanks for your help.


Hossein

Jerry Ye Thu, 04/09/2009 - 07:51
User Badges:
  • Cisco Employee,

Hi Hossein,


I am glad that your problem is solved.


Regards,

jerry
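
Added example, not part of the original thread: a short Python check that compares the switch's connected routes (taken from the `show ip route` output above) with the networks the firewall knows as internal, and reports address blocks the firewall is missing. The `FIREWALL_INSIDE` list is a constructed sample; only its 192.168.12.0/24 entry comes from the thread, and the function names are hypothetical.

```python
import ipaddress

# Connected routes copied from the thread's `show ip route` output.
SWITCH_CONNECTED = {
    "Vlan1": "192.168.2.0/24", "Vlan2": "192.168.1.0/24",
    "Vlan4": "192.168.4.0/24", "Vlan5": "192.168.5.0/24",
    "Vlan6": "192.168.8.0/22", "Vlan7": "192.168.12.0/22",
    "Vlan8": "192.168.16.0/22",
}

# Constructed sample of the firewall's internal network definitions. Only the
# 192.168.12.0/24 entry reflects the thread; the others are assumed correct.
# The firewall's default route is left out on purpose: it points outside.
FIREWALL_INSIDE = [
    "192.168.1.0/24", "192.168.2.0/24", "192.168.4.0/24", "192.168.5.0/24",
    "192.168.8.0/22", "192.168.12.0/24", "192.168.16.0/22",
]


def uncovered(subnet, known):
    """Return the parts of `subnet` that no network in `known` covers."""
    remaining = [subnet]
    for net in known:
        next_remaining = []
        for piece in remaining:
            if piece.subnet_of(net):
                continue  # this piece is fully covered
            if net.subnet_of(piece):
                # Carve the covered part out and keep the rest.
                next_remaining.extend(piece.address_exclude(net))
            else:
                next_remaining.append(piece)  # CIDR blocks nest or are disjoint
        remaining = next_remaining
    return list(ipaddress.collapse_addresses(remaining))


def audit(switch_connected, firewall_inside):
    """Map each VLAN to the address blocks the firewall does not know about."""
    known = [ipaddress.ip_network(n) for n in firewall_inside]
    gaps = {}
    for vlan, prefix in switch_connected.items():
        missing = uncovered(ipaddress.ip_network(prefix), known)
        if missing:
            gaps[vlan] = [str(m) for m in missing]
    return gaps


if __name__ == "__main__":
    for vlan, blocks in audit(SWITCH_CONNECTED, FIREWALL_INSIDE).items():
        print(f"{vlan}: firewall has no matching network for {', '.join(blocks)}")
```

With the sample data it flags Vlan7 for 192.168.13.0/24 and 192.168.14.0/23, which is the 192.168.13.1 through 192.168.15.254 range the clients could not use.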
